Security and compliance
Protect access, records, exports, and support handoffs.
Site Secure stores operational records that may matter for payroll, safety, compliance, audits, and customer closeout. Admins should treat access and exports carefully.
Access basics
- Approve new users only after confirming identity, role, and organization.
- Use the least-powerful role that lets the user do their job: Worker for field self-service, PM for assigned project oversight, Admin for organization operations, and Dev only for internal support.
- Remove or downgrade access when a user leaves a crew, project, or company.
- Keep billing, SSO, API, and integration secrets out of messages and support tickets.
- Review roles and tiers before enabling sensitive modules such as reports, Field Presence, integrations, SSO, public API access, or payroll exports.
Sensitive records
Use care with:
- Timecards and payroll exports
- Worker documents
- Certification records
- Incident records
- Location-related timecard evidence
- Audit history
Only export records when there is a clear business, payroll, safety, compliance, or legal reason.
Audit history
Audit history helps admins understand who changed a record and when. Use it when reviewing disputed timecards, worker role changes, certification approvals, document actions, incident updates, and organization settings.
Support handoff
If Site Secure shows a support reference, include it when contacting support. Also include the page, approximate time, user role, organization, job site, and what the user was trying to do. Do not include passwords, one-time codes, payment details, private keys, or secret tokens.